5 Things To Know On Microsoft Entra Agent ID

The tech giant is seeking to proactively eliminate major security issues related to the coming ‘AI agent sprawl,’ a Microsoft executive tells CRN.

Microsoft is seeking to proactively eliminate major security issues related to the coming “AI agent sprawl” with its unveiling Monday of Entra Agent ID, a Microsoft executive told CRN.

The tech giant’s new Entra Agent ID offering enables organizations to gain improved visibility into agents while also allowing for application of identity and access policies through Microsoft’s Conditional Access capabilities, according to Alex Simons, corporate vice president for product management and identity security at Microsoft.

The capabilities simplify management and security for AI agents and are crucial because when it comes to agents, “the scale of the sprawl is going to be so big [and happen] so fast” within many organizations, Simons said.

The goal of Entra Agent ID, he said, is ultimately so that customers “can confidently start adopting agentic AI.”

Entra Agent ID was announced as a public preview Monday in connection with the start of Microsoft Build 2025.

What follows are five things to know about Microsoft Entra Agent ID.

Agent Sprawl Is Coming

Microsoft is, unsurprisingly, an early adopter of AI agents: the company is already using 27,000 AI agents internally, with 5,000 agents added in just the past few weeks, Simons said.

“Agent sprawl is a real thing,” he said. “It’s hitting us first, but I think all of our customers will have that issue over the coming years.”

In many conversations with customers, it’s clear that they are enthusiastic about the potential for AI agents but also deeply concerned about how to govern and secure agents on a large scale, according to Simons.

Visibility Into Agents

Microsoft is aiming to make governing and securing agents at scale far easier, first by embedding a unique Agent ID into every AI agent created with Microsoft tools such as Azure AI Foundry, Copilot Studio and Security Copilot.

The idea is comparable to a car’s VIN number, which automatically comes with every new car and allows the vehicle to be tracked over time, Simons noted.

With every agent produced by Microsoft tools coming with an agent ID built in, “that gives our customers the ability to have visibility of all of those agents from the directory,” he said.

Management Of Agents

Once organizations have visibility into their agents, they can then manage what those agents can access, Simons said.

For instance, “how do they authenticate? What’s their lifecycle? When do they have to be re-approved? Should they still be around? Are they still being used?” he said.

“All of that will now be manageable from Entra ID,” Simons said. “So all of the power that we give them for managing how users can access things — and governing those users and protecting them — now, those [capabilities] will all be available for their agents as well.”

Conditional Access

Specifically, Microsoft will make it possible for organizations using Entra Agent ID to implement Conditional Access for AI agents, allowing partners and customers to set security policies in real time for agents, according to Simons.

Until now, organizations have used Conditional Access for managing how and when users can connect to services, for instance based on the user’s location or the time at which they’re trying to access a service, he said.

“Now you’ll be able to do the same thing for agents,” Simons said.

Future Capabilities And Partner Opportunities

Beyond the initial sets of capabilities around visibility and Conditional Access with Entra Agent ID, Microsoft plans to roll out a broader set of capabilities over the next six months, according to Simons.

For instance, in the future Microsoft plans to expand beyond securing agents made by its own platforms to also covering agents made by other tools, he said. Down the road, “we’re going to make it so that anyone who is spinning up an agent in any toolset that you want to use, you’ll be able to ground it in an Agent ID from Microsoft if you want to do that,” Simons said.

For partners — who play a “critical role” in identity management in general — “I think they will play a similarly huge role for agentic identities,” he said. “Every agent in an enterprise is going to need to be able to work with lots of other things in the enterprise. And I think there’s a big role for our partners in helping customers do that.”